Add support for defining more granular pod/container security contexts

Makefile

@@ -147,7 +147,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.0.0
-CONTROLLER_TOOLS_VERSION ?= v0.11.3
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize

api/doris/v1/types.go

@@ -124,10 +124,6 @@ type BaseSpec struct {
  //example: if you want to use `stream load` to load data into doris out k8s, you can use be service and config different service type for loading data.
  Service *ExportService `json:"service,omitempty"`
 
- //A special supplemental group that applies to all containers in a pod.
- // Some volume types allow the Kubelet to change the ownership of that volume
- // to be owned by the pod:
- FsGroup *int64 `json:"fsGroup,omitempty"`
  // specify register fe addresses
  FeAddress *FeAddress `json:"feAddress,omitempty"`
 
@@ -183,6 +179,14 @@ type BaseSpec struct {
 
  //SystemInitialization for fe, be and cn setting system parameters.
  SystemInitialization *SystemInitialization `json:"systemInitialization,omitempty"`
+
+ //Security context for pod.
+ //+optional
+ SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+
+ //Security context for all containers running in the pod (unless they override it).
+ //+optional
+ ContainerSecurityContext *corev1.SecurityContext `json:"containerSecurityContext,omitempty"`
 }
 
 type SystemInitialization struct {

doc/api.md

@@ -347,19 +347,6 @@ example: if you want to use <code>stream load</code> to load data into doris out
 </tr>
 <tr>
 <td>
-<code>fsGroup</code><br/>
-<em>
-int64
-</em>
-</td>
-<td>
-<p>A special supplemental group that applies to all containers in a pod.
-Some volume types allow the Kubelet to change the ownership of that volume
-to be owned by the pod:</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>feAddress</code><br/>
 <em>
 <a href="#doris.selectdb.com/v1.FeAddress">
@@ -546,6 +533,34 @@ SystemInitialization
 <p>SystemInitialization for fe, be and cn setting system parameters.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>securityContext</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podsecuritycontext-v1-core">
+Kubernetes core/v1.PodSecurityContext
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Security context for pod.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>containerSecurityContext</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#securitycontext-v1-core">
+Kubernetes core/v1.SecurityContext
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Security context for all containers running in the pod (unless they override it).</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="doris.selectdb.com/v1.BeSpec">BeSpec
@@ -940,7 +955,10 @@ string
 </em>
 </td>
 <td>
-<p>the config info for start progress.</p>
+<p>ConfigMapName mapped the configuration files in the doris &lsquo;conf/&rsquo; directory.
+such as &lsquo;fe.conf&rsquo;, &lsquo;be.conf&rsquo;. If HDFS access is involved, there may also be &lsquo;core-site.xml&rsquo; and other files.
+doris-operator mounts these configuration files in the &lsquo;/etc/doris&rsquo; directory by default.
+links them to the &lsquo;conf/&rsquo; directory of the doris component through soft links.</p>
 </td>
 </tr>
 <tr>
@@ -951,8 +969,25 @@ string
 </em>
 </td>
 <td>
-<p>represents the key of configMap. for doris it refers to the config file name for start doris component.
-example: if deploy fe, the resolveKey = fe.conf, if deploy be resolveKey = be.conf, etc.</p>
+<em>(Optional)</em>
+<p>Deprecated: This configuration has been abandoned and will be cleared in version 1.7.0.
+It is currently forced to be &lsquo;fe.conf&rsquo;, &lsquo;be.conf&rsquo;, &lsquo;apache_hdfs_broker.conf&rsquo;
+It is no longer effective. the configuration content will not take effect.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>configMaps</code><br/>
+<em>
+<a href="#doris.selectdb.com/v1.MountConfigMapInfo">
+[]MountConfigMapInfo
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ConfigMaps can mount multiple configmaps to the specified path.
+The mounting path of configmap cannot be repeated.</p>
 </td>
 </tr>
 </tbody>
@@ -2148,6 +2183,46 @@ Currently only valid for Resource metric source type</p>
 </td>
 </tr></tbody>
 </table>
+<h3 id="doris.selectdb.com/v1.MountConfigMapInfo">MountConfigMapInfo
+</h3>
+<p>
+(<em>Appears on:</em><a href="#doris.selectdb.com/v1.ConfigMapInfo">ConfigMapInfo</a>)
+</p>
+<div>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>configMapName</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>name of configmap that needs to mount.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>mountPath</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Current ConfigMap Mount Path.
+If MountConfigMapInfo belongs to the same ConfigMapInfo, their MountPath cannot be repeated.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="doris.selectdb.com/v1.ObjectMetricSource">ObjectMetricSource
 </h3>
 <p>
@@ -2487,5 +2562,5 @@ string
 <hr/>
 <p><em>
 Generated with <code>gen-crd-api-reference-docs</code>
-on git commit <code>724621f</code>.
+on git commit <code>4e2ea72</code>.
 </em></p>